Security Updates - CVE Database

List of security vulnerabilities fixed in NetFlow Analyzer

This page lists all security vulnerabilities fixed in NetFlow Analyzer, along with their CVE IDs and the build numbers in which they were fixed. Go to ManageEngine's Security Response Center to report vulnerabilities in ManageEngine products.


| CVE ID | Synopsis | Severity | Fixed in version |
|---|---|---|---|
| CVE-2023-47211 | Earlier, a path traversal vulnerability was detected in the MIB browser. This issue has now been fixed by implementing path sanitization. | High | 127260 / 127248 / 127193 / 127142 |
| CVE-2022-37024 | Earlier, there was a Remote Code Execution (RCE) vulnerability in IPv6 address management, reported by an anonymous researcher working with Trend Micro Zero Day Initiative. This has been fixed now. | Critical | 126120 / 126105 / 126003 / 125658 |
| CVE-2022-38772 | Earlier, there was a Remote Code Execution (RCE) vulnerability in IPv4 address management, reported by an anonymous researcher working with Trend Micro Zero Day Initiative. This has been fixed now. | Critical | 126120 / 126105 / 126003 / 125658 |
| CVE-2022-36923 | A vulnerability resulted in unauthenticated access to the user API key. This issue has been fixed now. (Reported by Anonymous working with Trend Micro Zero Day Initiative) | Critical | 126118 / 126104 / 126002 / 125657 |
| CVE-2022-35404 | Unauthorized creation of files led to high resource consumption. This has been fixed now. (Reported by Tenable) | Medium | 125639 / 125655 / 126101 |
| CVE-2022-24703 | Earlier, there was a stored XSS vulnerability in the Schedule name field of the Schedule page. This issue is fixed now. | Medium | 125584 |
| Internal | Authentication bypass vulnerability in file import APIs in the NetFlow EE Central Server | High | 125476 / 125565 |
| CVE-2021-43319 | Remote Code Execution (RCE) vulnerability in the Ping functionality | High | 125488 |
| CVE-2021-41075 | SQL Injection in Attacks module API | High | 125464 |
| CVE-2021-20078 | Folder deletion due to Path Traversal vulnerability in Sparkgateway jar | Critical | 125362, 125332 and 125347 |
| CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to a general bypass for the deserialization class | Critical | 125220 |
| CVE-2020-12116 | Path Traversal vulnerability | High | 124196 / 125125 |
| CVE-2020-11946 | Unauthenticated access to API key disclosure from a servlet call | High | 124188 / 125120 |
| CVE-2020-11527 | Arbitrary file read vulnerability | High | 124181 |
| CVE-2020-10541 | Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs | High | 124172 |
| Internal | XML injection vulnerability in IPGroup bulk load | High | 124168 |
| CVE-2019-17421 | Incorrect file permissions on the packaged Nipper executable file | Medium | 124079 and 124099 |
| CVE-2017-11560 | HTML Injection vulnerability | Medium | 124033 |
| CVE-2019-12196 | SQL Injection vulnerability in Compare reports | High | 124029 |
| CVE-2008-0128 | Tomcat vulnerability | Medium | 124024 |
| CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427 | XSS vulnerability in input text boxes in the Reports and Settings page | High | 123323 |
| CVE-2019-8925, CVE-2019-8926, CVE-2019-8927, CVE-2019-8928, CVE-2019-8929 | Path traversal vulnerability | High | 123323 |
| Internal | An operator user could access some restricted folders by bypassing the session | High | 123241 |
| CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability | High | 123231 |
| CVE-2018-12997, CVE-2018-12998 | Arbitrary web script or HTML injection | Medium | 123169 |
| CVE-2018-10803 | Cross-site Scripting (XSS) in add Credential page | Medium | 123125 |